Skip to content

ci(deps): group codeql-action sub-action updates in dependabot#1129

Open
madhavilosetty-intel wants to merge 2 commits into
mainfrom
chore/group-codeql-dependabot
Open

ci(deps): group codeql-action sub-action updates in dependabot#1129
madhavilosetty-intel wants to merge 2 commits into
mainfrom
chore/group-codeql-dependabot

Conversation

@madhavilosetty-intel

Copy link
Copy Markdown
Contributor

github/codeql-action/{init,analyze,autobuild,upload-sarif} are released in lockstep from one repo but land as separate dependabot PRs. Group them so each bump opens a single PR.

github/codeql-action/{init,analyze,autobuild,upload-sarif} are released in
lockstep from one repo but land as separate dependabot PRs. Group them so
each bump opens a single PR.
@madhavilosetty-intel madhavilosetty-intel requested a review from a team as a code owner July 9, 2026 19:05
@codecov

codecov Bot commented Jul 9, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 43.54%. Comparing base (5355f54) to head (38d7b16).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #1129   +/-   ##
=======================================
  Coverage   43.54%   43.54%           
=======================================
  Files         143      143           
  Lines       13621    13621           
=======================================
  Hits         5931     5931           
  Misses       7126     7126           
  Partials      564      564           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates Dependabot configuration to reduce noise from GitHub CodeQL action version bumps by grouping the github/codeql-action sub-action updates into a single PR, aligning with how those sub-actions are released in lockstep.

Changes:

  • Add a Dependabot groups rule under the github-actions ecosystem updates.
  • Group all github/codeql-action* dependencies into one Dependabot PR.

@graikhel-intel graikhel-intel left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. We first tested this change in RPS by merging device-management-toolkit/rps#2814

After that PR was merged, Dependabot correctly grouped the remaining CodeQL Action updates into a single follow-up PR: https://github.com/device-management-toolkit/rps/pull/2816/changes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants